CWE-765: Multiple Unlocks of a Critical Resource
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product unlocks a critical resource more times than intended, leading to an unexpected state in the system.
扩展描述
When the product is operating in a concurrent environment and repeatedly unlocks a critical resource, the consequences will vary based on the type of lock, the lock's implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra calls to unlock will increase the count for the number of available resources, likely resulting in a crash or unpredictable behavior when the system nears capacity.
常见后果
影响范围: Availability Integrity
技术影响: DoS: Crash, Exit, or Restart Modify Memory Unexpected State
潜在缓解措施
阶段: Implementation
描述: When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the product acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again.
观察示例
参考: CVE-2009-0935
Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| Software Fault Patterns | SFP21 | Multiple locks/unlocks | - |